Only administrator can make changes to categories

2017-09-11 10:20:20 +07:00 · 2017-09-11 10:20:20 +07:00 · 146b5d33e6
commit 146b5d33e6
parent eeaa2427a0
2 changed files with 14 additions and 7 deletions
--- a/App/Controllers/Posts.php
+++ b/App/Controllers/Posts.php
@ -81,11 +81,11 @@ class Posts

        $url = 'Data/pengumuman.html';

-        $status = '';
+        $privilage = '';

        if (Session::exists('userid')) {
            $post = $this->model->showAll();
-            $status = 'admin';
+            $privilage = Session::get('privilage');
        }

        if ($post !== false) {
@ -102,7 +102,7 @@ class Posts
        }
        View::render($url, [
            'posts' => $posts,
-            'status' => $status
+            'privilage' => $privilage
        ]);
    }

@ -198,6 +198,11 @@ class Posts
    public function category()
    {
        if (Session::exists('userid')) {
+            if (Session::get('privilage') != 1)  {
+                Session::flash('info', 'Hanya admin yang bisa mengatur kategori.');
+                Redirect::to('/');
+                die();
+            }
            $categories = [];
            $get_categories = $this->model->showAll([], 'kategori');

@ -212,7 +217,7 @@ class Posts
                'token' => Token::generate()
            ]);
        } else {
-            throw new \Exception("Bad request", 400);
+            throw new \Exception("Page not found", 404);
        }
    }

--- a/App/Views/Data/pengumuman.html
+++ b/App/Views/Data/pengumuman.html
@ -29,9 +29,11 @@

    <br />

-    {% if status %}
+    {% if privilage != "" %}
        <a href="/posts/entry">+ Tambah Pengumuman</a>
-        <a href="/posts/category">+ Tambah Kategori</a>
+        {% if privilage == 1 %}
+            <a href="/posts/category">+ Tambah Kategori</a>
+        {% endif %}
        <a href="/logout">Keluar</a>
-    {% endif %}
+        {% endif %}
 {% endblock %}